Cisco Network Services Orchestrator Information Disclosure Vulnerability
CVE-2020-3362

4.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Network Services Orchestrator
Vendor: CVE Published:; 18 June 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.

Affected Version(s)

Cisco Network Services Orchestrator

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jun 18, 2020
Vulnerability Reserved
Dec 12, 2019